Slmgr.vbs Options

[MachineName]

Name of a remote machine (default is local machine)

[User]

Account with the required privilege on the remote machine

[Password]

Password for the account with required privileges on the remote machine

/ipk product_key

Attempts to install a 5×5 product key. The product key provided by the parameter is confirmed valid and applicable to the installed operating system. If not, an error is returned.

If the key is valid and applicable, the key is installed. If a key is already installed, it is silently replaced.

To prevent instability in the license service, the system should be restarted or the Software Protection Service should be restarted.

This operation must be run from an elevated command prompt, or the Standard User Operations registry value must be set to allow unprivileged users extra access to the Software Protection Service.

/ato [Activation ID]

For retail editions and volume systems with a KMS host key or a Multiple Activation Key (MAK) installed, /ato prompts Windows to attempt online activation.

For systems with a Generic Volume License Key (GVLK) installed, this prompts an attempt at KMS activation. Systems that have been set to suspend automatic KMS activation attempts (/stao) still attempt KMS activation when /ato is run.

The parameter [Activation ID] expands /ato support to identify a Windows edition installed on the computer. Specifying the [Activation ID] parameter isolates the effects of the option to the edition associated with that Activation ID. Run Slmgr.vbs /dlv all to get the Activation IDs for the installed version of Windows. If you need to support other applications, see the guidance provided by that application for further instruction.

KMS activation does not require elevated privileges. However, online activation does require elevation, or the Standard User Operations registry value must be set to allow unprivileged users extra access to the Software Protection Service.

/dli [Activation ID | All]

Display license information.

By default, /dli displays the license information for the installed active Windows edition. Specifying the [Activation ID] parameter displays the license information for the specified edition associated with that Activation ID. Specifying the [All] as the parameter will display all applicable installed products’ license information.

This operation does not require elevated privileges.

/dlv [Activation ID | All]

Display detailed license information.

By default, /dlv displays the license information for the installed operating system. Specifying the [Activation ID] parameter displays the license information for the specified edition associated with that Activation ID. Specifying the [All] parameter displays all applicable installed products’ license information.

This operation does not require elevated privileges.

/xpr [Activation ID]

Display the activation expiration date for the product. By default, this refers to the current Windows edition and is primarily useful for KMS clients, because MAK and retail activation is perpetual.

Specifying the [Activation ID] parameter displays the activation expiration date of the specified edition associated with that Activation ID.

This operation does not require elevated privileges.

/cpky

Some servicing operations require the product key to be available in the registry during Out-of-Box Experience (OOBE) operations. The /cpky option removes the product key from the registry to prevent this key from being stolen by malicious code.

For retail installations that deploy keys, best practices recommend running this option. This option is not required for MAK and KMS host keys, because this is the default behavior for those keys. This option is only needed for other types of keys where the default behavior is not to clear the key from the registry.

This operation must be run from an elevated command prompt.

/ilc <license_file>

This option installs the license file specified by the required parameter. These licenses may be installed as a troubleshooting measure, to support token-based activation, or as part of a manual installation of an on-boarded application.

Licenses are not validated during this process: License validation is out of scope for Slmgr. Instead, validation is handled by the Software Protection Service at runtime.

This operation must be run from an elevated command prompt, or the Standard User Operations registry value must be set to allow unprivileged users extra access to the Software Protection Service.

/rilc

This option reinstalls all licenses stored in %SystemRoot%\system32\oem and %SystemRoot%\System32\spp\tokens. These are “known-good” copies stored during installation.

Any matching licenses in the Trusted Store are replaced. Any additional licenses—for example, Trusted Authority (TA) Issuance Licenses (ILs), licenses for applications—are not touched.

This operation must be run from an elevated command prompt, or the Standard User Operations registry value must be set to allow unprivileged users extra access to the Software Protection Service.

/rearm

This option resets the activation timers. The /rearm process is also called by sysprep /generalize.

This operation will do nothing if the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\SkipRearm registry subkey is equal to 1. See the section “Registry Settings,” later in this guide, for details on this registry subkey.

This operation must be run from an elevated command prompt, or the Standard User Operations registry value must be set to allow unprivileged users extra access to the Software Protection Service.

/upk [ActivationID]

This option uninstalls the product key of the current Windows edition. After a restart, the system will be in an Unlicensed state unless a new product key is installed.

Optionally, you can use the [Activation ID] parameter to specify a different installed product.

This operation must be run from an elevated command prompt.

/skms Name[:Port] | : port [Activation ID] [Activation ID]

This option specifies the name and, optionally, the port of the KMS host computer to contact. Setting this value disables auto-detection of the KMS host.

If the KMS host uses Internet Protocol version 6 (IPv6) only, the address must be specified in the format [hostname]:port. IPv6 addresses contain colons (:), which will be misparsed by the Slmgr.vbs script.

This operation must be run from an elevated command prompt.

/ckms [Activation ID]

This option removes the specified KMS host name, address, and port information from the registry and restores KMS auto-discovery behavior.

This operation must be run from an elevated command prompt.

/skhc

This option enables KMS host caching (default), which blocks the use of Domain Name System (DNS) priority and weight after the initial discovery of a working KMS host. If the system can no longer contact the working KMS host, discovery will be attempted again.

This operation must be run from an elevated command prompt.

/ckhc

This option disables KMS host caching. This setting instructs the client to use DNS auto-discovery each time it attempts KMS activation (recommended when using priority and weight).

This operation must be run from an elevated command prompt.

/sai <interval>

This option sets the interval in minutes for unactivated clients to attempt KMS connection. The activation interval must be between 15 minutes and 30 days, although the default (2 hours) is recommended.

The KMS client initially picks up this interval from registry but switches to the KMS setting after it receives the first KMS response.

This operation must be run from an elevated command prompt.

/sri <interval>

This option sets the renewal interval in minutes for activated clients to attempt KMS connection. The renewal interval must be between 15 minutes and 30 days. This option is set initially on both the KMS server and client sides. The default is 10080 minutes (7 days).

The KMS client initially picks up this interval from the registry but switches to the KMS setting after it receives the first KMS response.

This operation must be run from an elevated command prompt.

/sprt <port>

This option sets the port on which the KMS host listens for client activation requests. The default TCP port is 1688.

This operation must be run from an elevated command prompt.

/sdns

Enable DNS publishing by the KMS host (default).

This operation must be run from an elevated command prompt.

/cdns

Disable DNS publishing by the KMS host.

This operation must be run from an elevated command prompt.

/spri

Set the KMS priority to normal (default).

This operation must be run from an elevated command prompt.

/cpri

Set the KMS priority to low.

Use this option to minimize contention from KMS in a co-hosted environment. Note that this could lead to KMS starvation, depending on what other applications or server roles are active. Use with care.

This operation must be run from an elevated command prompt.

/lil

List the installed token-based activation issuance licenses.

/ril <ILID> <ILvID>

Remove an installed token-based activation issuance license.

This operation must be run from an elevated command prompt.

/stao

Set the Token-based Activation Only flag, disabling automatic KMS activation.

This operation must be run from an elevated command prompt.

/ctao

Clear the Token-based Activation Only flag (default), enabling automatic KMS activation.

This operation must be run from an elevated command prompt.

/ltc

List valid token-based activation certificates that can activate installed software.

/fta <Certificate Thumbprint> [PIN]

Force token-based activation using the identified certificate. The optional personal identification number (PIN) is provided to unlock the private key without a PIN prompt when using certificates that are protected by hardware (for example, smart cards).